Think You’re Secure? Think Again.
May 13, 2013 10 Comments
Think You’re Secure? Think Again.
We’ve all heard the endless stories of unscrupulous individuals hacking their way into computer networks and Web sites to steal personal information and credit card numbers, or simply wreak havoc on a company. The first quarter of 2013 saw an unprecedented number of data breaches reported in both the public and private sectors of the US economy. Additionally the cost of remediation per breached record has substantially increased.
Organizations are increasingly concerned that historical industry best practices are being stressed by the acceleration of new malware and Advanced Persistent Threats (APT). The insider threat has primarily morphed into phishing attacks and APT’s which leverage multiple internal security flaws and vulnerabilities to inject an attack and use that as an exploit to ex-filtrate data and/or intellectual property un-detected.
But you made sure that a state-of-the-art security “system” was in place for your company – a cyber attack or security breach could never happen to your business. Right?
Think again. The security of your IT assets and infrastructure is vital, and ensuring that you have an up-to-date and robust system is the key to that success.
The Security Process
Today, with the advent of APTs attackers are laser-focused on multi-pronged exploits that steal data or wreak havoc. Security is horizontal … it covers all IT infrastructure. The result is that security infrastructure becomes much more complex and fragmented. Attackers don’t discriminate and will take advantage of any gap in protection to reach their end goal. The bad guys continually evolve and innovate. All potential threat vectors need to be examined and addressed.
Chances are that when the IT infrastructure was originally deployed it was secure, clean and, organized. But as weeks, months, and even years pass, tactical changes in technology and the IT environment have probably occurred, weakening the security posture and opening it up to attack. Without a proactive but practical security strategy and processes in place that routinely deploy within a security model, identify controls, mitigate new technologies, and upgrades … the system will inevitably become vulnerable and fail.
There aren’t enough hours in the day, IT security teams have too many other responsibilities to be able to address today’s barrage of attacks with manual approaches. The ability to reduce labor intensive tasks and streamline processes with automation is essential. Holistic consolidation, integration, organization and … automation leveraging refresh and upgrades to evolve iteratively towards a cohesive Secure Immune Security System is a must in order to cope.
Secure Immune Security System
How do organizations cut through the hype, filter the noise … of fear, uncertainty and, doubt (FUD) and deal with real and present threats? How do organizations develop an affordable Secure Immune Security System that supports the business based on resource profile and — enables it to grow competitively while managing risk and protecting critical assets? How do organizations develop a continuous cycle to consolidate, integrate and organize mission critical infrastructure into a sustainable core while still enabling some healthy chaos and innovation on the edge?
This series of articles will seek to help organizations, big or small have the practical process, technology and strategy needed to ensure Proactive Defensible Security Posture. A defensible security posture leveraging a Secure Immune Security system together with strong Security Infrastructure Operations Management and refreshed by an Adaptive Security Architecture Lifecycle provides the confidence that your systems are safe or — if a breach does occur to effectively: Protect, Detect, Contain, Eradicate, Recover.
During an attack, the ability to continuously detect threats and block them is critical. After an attack, marginalizing the impact becomes the priority. To do this defenders need to take a proactive stance with retrospective security, the ability to identify the root cause, understand the scope of the damage, contain the event, eliminate the risk of re-infection, remediate it and bring operations back to normal.
Simplicity the Path to Better Security
The secret to success in security is typically simplicity, to have a well designed and organized infrastructure that provides the appropriate layer of controls while enabling users a consistent ‘policy managed’ experience regardless of location, transport or device. The challenge is in achieving that goal. Stay tuned for more information on lessons learned and experience from the field, success stories and, practical case studies. Coming soon the Security Architecture, Strategy and, Roadmap series.
Thank you for your interest.
Nige the Security Guy.